Smart Buyer
  • Shop On NeweggBusiness
  • Categories
    • Buying Guides
    • Components
    • DIY and How-to
    • Industry Trends
    • NetSec
    • Networking
    • Storage
    • Systems – PC & Laptop
    • Windows
  • About
  • Why NeweggBusiness?
  • Contact Us
Top Posts
PC Cooling: How to Set up Computer Case...
5 Ways to Stream from PC to TV...
How to Choose the Correct RAM Upgrade
How to Troubleshoot a PC Power Supply
Four Apps that Make Your Tablet a Second...
2019 Solid State Drive (SSD) Buying Guide
6 Reasons Your PC is Slow and How...
How-to Guide: Small Office Network Setup
Born in the USA: Computer Hardware Made in...
Computer Monitor Buying Guide 2019

Smart Buyer

  • Shop On NeweggBusiness
  • Categories
    • Buying Guides
    • Components
    • DIY and How-to
    • Industry Trends
    • NetSec
    • Networking
    • Storage
    • Systems – PC & Laptop
    • Windows
  • About
  • Why NeweggBusiness?
  • Contact Us

This year it seemed like the media reported a new data breach on a weekly basis—Target, Neman Marcus, PF Chang’s, Home Depot, JP Morgan, Michaels—prompting 2014 to be dubbed “The Age of the Hacks” by news outlets. And don’t get us started on selfie-gate.

While these retail hacks are newsworthy due to the number of users affected, they drown out the real cyber security threats small businesses face. There are many; check out these statistics:

  • SMB websites have a 20 percent chance of falling victim to cybercrime each year, according to the National Cyber Security Alliance.
  • 30 percent of targeted cyber-attacks were directed at businesses with fewer than 250 seats, citing a 2014 report from Symantec.
  • 60 percent of United Kingdom SMBs reported a cyber-security breach in 2013, according to government numbers.

Websites are prime targets. Since most small business owners maintain their own websites, and are hard-pressed to find the time to simply maintain the site, it is no surprise that many are unaware of how vulnerable their site is to attacks. For most instances, it’s a combination of lack of understanding about security, and disbelief that a cybercriminal would target their site out of 27 million business sites on the Internet.

Hackers target SMB websites because they’re easy and have valuable information.

Cybercriminals are after the username/password logons used by customers or clients.  Since users often have the same logon information for several sites and services, if a cybercriminal can snatch the username/password a client uses for an SMB site, chances are good that the same combination will work on other things, like e-mail or online banking. Cybercriminals hack SMB sites to spread malicious files as well.

“The most common problem we see affecting SMB websites is malicious code being saved to their web presentation space and distributed from there,” says Avast Threat Intelligence Analyst, Michael Salat. Perhaps you have noticed an otherwise out of place link to an adult site or a pharmaceutical store—that’s a tell-tale sign that site hacking has taken place.

“SMBs generally don’t have the resources that larger enterprises do to manage PC, web, mobile and infrastructure security,” says Tyler Moffitt, senior threat research analyst at Webroot. “To mitigate significant business risks, including protecting their website, a properly layered defense with effective endpoint and web security and monitoring needs to be in place.”

Moffitt was kind enough to go into detail about five things an SMB can do to better secure its website.

  1. Take Advantage of DNS provider’s security features. The domain name system can be a weakness in a company’s online presence. Not only do they need to manage and protect their own domains, but any certificates that the company relies on must be protected as well. If an SMB buys its own domains, they should ask their provider who’s managing it and make sure they have extra security precautions in place, like two-factor authentication.
  1. Update your web script constantly and use security plugins. Upgrade whenever there is a new version of your script available. Be sure to do it as soon as the upgrade is released, regardless if the upgrade contains new features of not. Even simple point upgrades will fix bugs in the script. Plugins can boost the core functionality of your web site’s script. Look to add plugins that will add extra security and install them.
  1. Change your database table prefix. If your website uses a blog or forum script, you can change the default database table prefix. For example, a WordPress blog carries the table prefix “wp.” If you change your table prefix, hackers will have a harder time getting data from your website.
  1. Delete your installation folders. Once you have completed the installation, it is not necessary to have the installer folder on your computer. It is possible for a hacker to remotely get into your computer and run the installer again. Once they get in, they can empty your database and control your website and content. Another option is to rename the installation folder rather than delete it.
  1. Train your staff to be vigilant. The threat here really comes from the fact that many employees still do not realize how sophisticated such attacks can be, and will continue to play a key role in [a cybercriminal] gaining access to an organization’s website, server or data. Social engineering attacks use real life events or communications coming from a known source as phishing emails are often indistinguishable from genuine requests. To combat this, organizations should take a layered approach to network security—from server-level encryption and device-level antivirus with anti-phishing protection, to educating employees on security practices.

On a related note, here are a few tips about training up your staff to be vigilant of phishing attacks: 10 Steps for Anti-Phishing Training.

We’d love to hear about the little things you do for website security in the comments section below.

Adam Lovinus

Adam Lovinus

A tech writer and Raspberry Pi enthusiast from Orange County, California.

More Posts - Website - Twitter - LinkedIn - Google Plus

anti-phishingantimalwareantivirussecuritysecurity softwaresoftware
2 comments
0
FacebookTwitterGoogle +PinterestEmail
Adam Lovinus
Adam Lovinus

A tech writer and Raspberry Pi enthusiast from Orange County, California.

previous post
5 Reasons to Go Ahead and Shop on Thanksgiving
next post
Five Signs That it May be Time to Replace Your Computer

Related Posts

Remote Workforce Security: Tips and Best Practices

December 9, 2020

Aruba Instant On Wants to Simplify Your Small...

August 2, 2019

What is ‘Fileless’ Malware Found Inside Server Hardware?

October 4, 2018

How to Layer Antivirus Software Without Slowing Your...

May 21, 2018

Securing the Office Printer in Six Steps

May 14, 2018

How to Wipe a Hard Drive Securely

April 23, 2018

Six Router Features That Optimize Small Business Networks

March 21, 2018

Secure a Wireless Network with Access Point Isolation

March 7, 2018

How to Work Remotely While Keeping Secure and...

November 14, 2017

Tips for Ransomware Removal, Detection, and Prevention

November 1, 2017

2 comments

Tips for Ransomware Removal, Detection, and Prevention #Security November 11, 2015 - 8:53 pm

[…] Website Security Tricks You Can Do Without Purchasing Anything […]

Reply
Tips for Ransomware Removal, Detection, and Prevention - HardBoiled November 16, 2015 - 4:13 pm

[…] Website Security Tricks You Can Do Without Purchasing Anything […]

Reply

What's your take? Cancel reply

Subscribe

Savings Spotlight
  • 1

    PC Cooling: How to Set up Computer Case Fans

    September 25, 2015
  • 2

    5 Ways to Stream from PC to TV or Digital Display

    May 23, 2016
  • 3

    How to Choose the Correct RAM Upgrade

    April 28, 2015
  • 4

    How to Troubleshoot a PC Power Supply

    July 11, 2018
  • 5

    Four Apps that Make Your Tablet a Second Monitor

    January 9, 2018
  • 6

    2019 Solid State Drive (SSD) Buying Guide

    December 6, 2018
  • 7

    6 Reasons Your PC is Slow and How to Fix It

    February 28, 2019
  • 8

    How-to Guide: Small Office Network Setup

    December 20, 2018
  • 9

    Born in the USA: Computer Hardware Made in America

    September 27, 2018
  • 10

    Computer Monitor Buying Guide 2019

    January 4, 2019

Newegg + Business

How is this different from Newegg.com?

Why NeweggBusiness?
  • Facebook
  • Twitter
  • Linkedin
  • Email